Using Microsoft Graph, I want to search for SharePoint sites containing specific names and moreover I want to get a list of all SharePoint sites.
I am using the following URL in the Graph Explorer:
https://graph.microsoft.com/v1.0/sites?search=test
or
https://graph.microsoft.com/v1.0/sites?search=*
When using an account from Company A everything works. I receive a list of all results.
But when using an account from Company B, I get a 404 NOT FOUND response for all queries (although there should be multiple results):
{
"error": {
"code": "itemNotFound",
"message": "Item not found",
"innerError": {
"date": "2022-01-01T14:59:35",
"request-id": "xxxxxx",
"client-request-id": "xxxxxx"
}
}
}
Maybe it has something to do with the rights of the users?
I tested with "normal" users at both companies.
Edit:
I also get an error (403 Access denied) using the following url:
https://graph.microsoft.com/v1.0/sites/root
But when accessing a specific site by it's id, everything works.
Edit 2
I noticed a relationship with the permissions of the root SharePoint site. If the user has no permission for that site, the mentioned queries are not working. I need to contact the admin of the system to check my suspicion.
Related
I have a global administrator account who consented to have access to microsoft teams.
Then using graph api https://graph.microsoft.com/beta/groups?$filter=resourceProvisioningOptions/Any(x:x eq 'Team').
It returned the list of groups for this tenant.
However, when I called https://graph.microsoft.com/beta/teams/{id}. Some of the ids worked but some of them returned "error": {
"code": "NotFound",
"message": "Failed to execute Skype backend request GetThreadS2SRequest.",
"innerError": {
"date": "2021-05-17T06:04:19",
"request-id": "02f0a689-eca6-4b0d-9f0f-9d3e876d8f08",
"client-request-id": "02f0a689-eca6-4b0d-9f0f-9d3e876d8f08"
}
}
In addition, I used https://graph.microsoft.com/v1.0/groups/{id} and it returned the group information correctly.
So why graph api returned NotFound while it is a valid team group?
Thanks,
Karen
I guess there is some confusion around teams and groups.
Not all groups have a team. Any group that has a team has a resourceProvisioningOptions property that contains "Team".
Please note that the group has the same ID as the team. Every team is associated with a group but not vice-versa. When you get NOTFound, this is because that group doesn't have a team associated so accessing https://graph.microsoft.com/beta/teams/{id} will give you 404.
Thus,
https://graph.microsoft.com/v1.0/groups/{id}/team is the same as https://graph.microsoft.com/v1.0/teams/{id}.
Please refer to the Teams and groups section in this documentation to understand better.
Problem:
Only one of our three Office 365 tenant, a Graph call fails with an itemNotFound error. The other two tenants works as expected.
Case:
When using the Graph API to access a folder on a SharePoint site, we get the following "itemNotFound" error:
{
"error": {
"code": "itemNotFound",
"message": "The resource could not be found.",
"innerError": {
"request-id": "4ea1730c-1b1d-4993-8335-4e10cc3b47c1",
"date": "2020-04-27T09:15:37"
}
}
}
Query Information:
This is the final query that fails: https://graph.microsoft.com/v1.0/sites/54929188-6c44-4555-a85b-27a698b9b572/drive/root:/InvestmentTemplate
To find information to "build" the query, that fails, we are using this query to find the site id:https://graph.microsoft.com/v1.0/sites/testnrep.sharepoint.com:/sites/DocumentTemplates
To recreate test data:
Create a site with the url "/sites/DocumentTemplates"
Add a folder name "InvestmentTemplate" to the Shared Document library
The full folder url: https://ZXY.sharepoint.com/sites/DocumentTemplates/Shared%20Documents/InvestmentTemplate
Re-stating comment above as answer as this appears to address your scenario.
I reproduced a similar scenario in my lab environment. The query succeeds when running as a tenant administrator. Query fails as a normal user. I removed all permissions granted to Graph Explorer and added them back one by one. Once I granted Files.Read.All (not just Files.Read) for the non-admin user I was then able to successfully query a similar endpoint.
As for the ":/" syntax, yes that is common to use a ":" when specifying a relative location within the siteUrl or path in a document library. See examples for site-id using relative URL or relative path within document library.
When trying to get messages as Admin (with Group.Read.All scope) I am getting following error:
{
"error": {
"code": "UnknownError",
"message": "",
"innerError": {
"request-id": "fc234750-dd35-4748-a1b3-baf4a7c5267c",
"date": "2018-11-14T09:16:55"
}
}
}
Getting teams and channels works.
I tried the same using my user (not an admin, just regular user that created the conversation) in graph explorer and everything works ok.
Is this a bug or a feature (only user giving his permission explicitly allows the app to read conversations) ?
Are you a member of the team? Admins don't get special privileges when working with messages – in order to read a message, they have to be a member of the team like anyone else.
When trying to retrieve data from a v1.0 report endpoint on a demo tenant, for example:
https://graph.microsoft.com/v1.0/reports/getOffice365ActiveUserCounts(period='D7')
I get this strange result:
{
"error": {
"code": "UnknownTenantId",
"message": "We do not recognize this tenant ID 3d64a....7279c0. Please double-check the tenant ID and try again.",
"innerError": {
"request-id": "7b7b8....8029b",
"date": "2018-04-30T09:32:46"
}
}
}
Instead of an HTTP 302 redirection to get the CSV report results (according to the doc).
I'm trying from Graph API Explorer, authenticated as tenant admin account, this has worked as expected before tenant expiration + extension (a few hours ago)
I will try in a few hours again, tomorrow etc. (I'll write the results here) because this error looks to be related to tenant expiration (or else, what is happening?)...
I'm trying to access the items of a list that is a part of a nested subsite, like this:
https://{mytenant}.sharepoint.com/
vendorSiteCollection/
vendorAppSite/
vendorList
My test user has only Read permission on the vendorAppSite Subsite. I have removed read permissions from all other sites, including the root site collection at https://{mytenant}.sharepoint.com.
If I navigate to here in a browser:
https://{mytenant}.sharepoint.com/sites/{vendorSiteCollection}/{vendorAppSite}/Lists/{vendorList}/AllItems.aspx
Then I see the list, just as expected.
However, when I make this request in the Graph Explorer:
https://graph.microsoft.com/v1.0/sites/root:/sites/{vendorSiteCollection}/{vendorAppSite}:/lists/{vendorList}?$expand=items($expand=fields)
I get a 403 forbidden response:
{
"error": {
"code": "accessDenied",
"message": "The caller does not have permission to perform the action.",
"innerError": {
"request-id": "15e2087d-8ae5-46e3-abee-4ab165629dfb",
"date": "2018-04-05T12:08:16"
}
}
}
I would have expected to be able to read the list items via the API just like I can see the list items in the SharePoint Online UI.
How can I use the Microsoft Graph API to read the items when the permission levels are set like this?
Side note: When the test user has Read permission on the root site collection at https://{mytenant}.sharepoint.com, the API works as expected. But this workaround doesn't work for us since we don't want our users to have read access to the root site collection.
This issue seems to be fixed in the MS Graph.